Snort mailing list archives
Re: how to permanently suppress noisy rules for snort running Ubuntu
From: "Joel Esler (jesler) via Snort-sigs" <snort-sigs () lists snort org>
Date: Tue, 3 Oct 2017 13:24:00 +0000
On Oct 2, 2017, at 11:52 AM, Purvesh Patolia <ppatolia () angoss com> wrote:

> Hello,
>
> I am a new member for snort and have never used SNORT as an IDS detection tool. Can you please help me on how to permanently suppress noisy rules that keep coming every day? I went to the threshold.conf file and under the suppress section I wrote a suppress rule, saved the file and rebooted the snort server several times. For the same day the rules then don't show up, but the next day they show up again. Not sure what will be the correct process to stop this alert more permanently.

Sounds like you have some kind of process automatically updating the ruleset?

--
Joel Esler
Manager Talos Group
http://www.talosintelligence.com
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
Current thread:
- how to permanently suppress noisy rules for snort running Ubuntu Purvesh Patolia (Oct 03)
- Re: how to permanently suppress noisy rules for snort running Ubuntu Joel Esler (jesler) via Snort-sigs (Oct 03)
- Re: how to permanently suppress noisy rules for snort running Ubuntu Purvesh Patolia (Oct 08)